Windows XP - Home User Self-Defence

all the below listed topics are covered.


The processes for securing Windows XP for Internet use can be split into several sections. These are as follows:

Start with Microsoft
Microsoft Security Toolkit
Microsoft Baseline Security Analyzer

XP Specific security considerations
Disabling or removing Universal Plug and Play (UPnP)
Tightening Raw Sockets permissions
Remove Remote Assistance and Remote Desktop Sharing.

User & Password Security
Disable the Guest Account
Limit the number of unecessary logon accounts
Renaming the Administrator Account
Creating a "dummy" Administrator Account
Removing the "Everyone" group and replacing with "Authenticated Users" on shares
Using effective Passwords
Password protecting the Screensaver
Use passprop to enable network lockout of true Administrator account


File System Security
Use NTFS on all your hard disk partitions
Tightening File Access Permissions
Disabling the default shares
Unhiding file extensions
Enable EFS (Encrypting File System)
Encrypt the Temp directory


Windows XP Services Control
Disabling unnecessary and potentially dangerous services

Networking Security
Shut down unnecessary ports
Close port 445 TCP/UDP by disabling NetBT in Device Manager
Disabling Distributed COM (this gets rid of Port 135)
Clean up your networking bindings (removing File & Print sharing)
Tightening TCP/IP further (using IPSec)
Protecting against Denial of Service Attacks
Restrict access to public Local Security Authority (LSA) information


Security Policy Control
Setting a strong Security Policy
Enable Auditing
Set permissions on the security event log
Password Policy
User Rights Assignment
Security Options
Use the Software Restriction Policies

Other Miscellenous Security Measures
Removing un-needed and insecure subsystems
Turning off VB Scripting
Disable DirectDraw
Disable Dump File Creation
Lock down the Registry
Clear the Paging File at shutdown
Remove the .reg file association from the Registry Editor
Protecting or even removing special binaries
Obtaining regular patches for your system and applications
Unplug your PC from the network when not online


Protection Software
Checking how secure you are at the moment
Personal Firewalls
Anti-Virus Software
Intrusion detection software
Sandboxing
Anti-trojan defences

Clean Install Procedure with Illustrative Screen Captures


Operating System: Windows XP Home Edition - Upgrade Version
System: Personal Computer

http://www.theeldergeek.com/xp_home_instal...l_-_graphic.htm

XP or Not XP ... that is the question


What's the difference between Windows XP Home and Professional editions?



The Home and Professional editions of Windows XP are nearly identical; the only differences are additional features found in the Professional edition that most likely won't appeal to home users. The primary differences, aside from the price and the color of the packaging, are as follows:
Windows XP Home Edition

Contains basic support for multiple users, but all users are "Administrators," so there's no way to set up user accounts with limited privileges. Furthermore, there's no way to secure folders or files from other users on the same machine.
Built-in support for peer-to-peer networking.


Windows XP Professional Edition

Includes extended support for multiple users and profiles, as well as security between users. A user can be an "Administrator" (who has full power to make any changes to the system), or a less-privileged user with a customizable level of privileges. For example, one user's folder can be protected from other users on the same system. Also, you can set up a "guest" account, allowing strangers to use a computer while limiting access to configuration tools and private files.
Built-in support for peer-to-peer networking, plus support for joining a "Windows NT domain."
The Professional edition includes the following components not found in the Home edition:
Administrative Tools (in the Start Menu and Control Panel)
Automated System Recovery (ASR)
Backup
Boot Configuration Manager
DriverQuery
Group Policy Refresh Utility
Multi-lingual User Interface (MUI) add-on
NTFS Encryption Utilitiy
Offline Files and Folders
OpenFiles
Performance Log Manager
Remote Desktop
Scheduled Tasks Console
Security Template Utility
Taskkill
Tasklist
Telnet Administrator
Provides support for multi-processor systems (2 or 4 CPUs), Dynamic Disks, Fax.




http://www.microsoft.com/windowsxp/whichxp.asp

Which Edition Is Right for You?


When upgrading to the Microsoft Windows XP operating system, you have a choice between Windows XP Professional and Windows XP Home Edition. Windows XP Professional contains all the features of Windows XP Home Edition, plus extra features for business and advanced home computing. Is Windows XP Professional the best choice?

Ask yourself these five questions to find out which one is right for you:

Do you want to remotely access your computer so you can work with all your data and applications while away from your desk?
Remote Desktop, a feature found only in Windows XP Professional, lets you set up your computer for connection from any other Windows-based computer. Leave a file at home? Don't want to lug a laptop around? Remote Desktop gives you access to your computer from virtually anywhere. More about Remote Desktop.

Do you connect to a large network?
Windows XP Professional is best for people who connect to large networks, such as a school or office network, since it allows you to join and be managed by a Windows domain. More about joining networks.

Do you need to protect sensitive data in files and folders that are stored on your computer?
The Encrypting File System (EFS), found only in Windows XP Professional, allows you to encrypt your files and folders for added security of sensitive data against theft or hackers. Restricted File Access, also found only in Professional, allows you to restrict access to selected files, applications, and other resources. More about EFS.

Do you need the ability to completely restore your system in the event of a catastrophic failure?
Windows XP Professional provides more robust options for backing up and restoring data than Home Edition. More about System Restore and other restore options.

Would you consider yourself a "power user"?
Windows XP Professional contains a number of incremental features too numerous to list here. Suffice it to say, users who demand the most from their computers will want to "go Pro." Some additional features found only in Windows XP Professional are:

Support for multiple-processor systems
Support for multiple languages
Advanced networking for multiple PC environments

More about Windows XP Professional features.

[b]WinXp and Svchost.exe



A Description of Svchost.exe (Q314056)
http://support.microsoft.com/default.aspx?...b;en-us;Q314056





WinXP Pro: Svchost.exe Prompts for DNS Connection
http://www.dslreports.com/forum/remark,206...ity,1~mode=flat







Description of Universal Plug and Play Features in Windows (Q262458)
Universal Plug and Play (UPnP) is an architecture in Microsoft Windows Millennium Edition (Me), and Microsoft Windows XP, that supports peer-to-peer Plug and Play functionality for network devices. The UPnP specification is designed to simplify device and network service installation and management. UPnP accomplishes device and service discovery and control through a driver-less, standards-based protocol mechanisms. Universal Plug and Play devices can auto-configure network addressing, announce their presence on a network subnet, and enable the exchange of descriptions device and service descriptions. A Windows Me or a Windows XP computer can act as a UPnP control point to discover and control the devices through a web or application interface.

http://support.microsoft.com/default.aspx?...b;EN-US;q262458



SUMMARY The Windows XP kernel includes a number of improvements over Windows 2000 that promote better scalability and overall performance. This article covers these changes and explains how they improve startup time, increase registry size limits, and promote more efficient disk partitioning. Windows XP provides support for 64-bit processors, which is covered here along with a discussion of how side-by-side assemblies end DLL Hell. Also new in the Windows XP kernel is a facility that will roll back driver installations to the Last Known Good state of the registry, making driver installation safer. Other topics include the new volume shadow copy facility, which provides for more accurate backups and improvements in remote debugging.

Misc Sites for Win XP.



Windows XP Homepage Get a preview of the next version of Windows for home and work.[/b]

http://www.microsoft.com/windowsxp/default.asp


Paul Thurott's Supersite Windows XP Tips 'n' Tricks page updated with all new tips!

http://www.winsupersite.com/


NT Compatible:
Windows XP Faq Answers frequently asked questions about the new version of the Windows operating system.

http://www.ntcompatible.com/faq3.shtml



Puzzled about Windows XP Activation!

http://www.dslreports.com/forum/remark,267...winme~mode=flat

XP Install FAQ

http://www.dslreports.com/faq/xpinstall


http://www.dslreports.com/forum/remark,286...winme~mode=flat



M-005c: Office XP Error Reporting May Send Sensitive Documents to Microsoft

http://www.ciac.org/ciac/bulletins/m-005.shtml

Microsoft Error Reporting
Data Collection Policy
Objective
The Microsoft Error Reporting tool allows users to report errors to Microsoft via the Internet. When an error occurs, users with an Internet connection can immediately report the error to Microsoft. If the error report indicates that one or more third-party products were involved in causing the problem, Microsoft may send the report to those third parties. Qualified software or hardware developers (employed by Microsoft or one of its partners) will analyze the fault data and try to identify and correct the problem.

Boot Disk For Win XP


You also can use a Win98 boot disk. There you have a choice to boot with CD-ROM support. You can use fdisk to delete the DOS and non DOS partitions, create a new primary DOS partition, format in FAT32 ect. Note: If your current hard drive is entierly formatted in NTFS, then fdisk probably won't see it and you need to run scanreg.exe first.


If you REALLY want to make boot disks for WinXP PRO go to the following Microsoft site. It will take 6 (yes 6) floppies.
http://support.microsoft.com/?kbid=310994

If I were you I would use a Win98 boot disk as suggested above. Use fdisk to blow away an NTFS partition and format. Put in WinXP disk, boot from CD drive go to option to reformat in NTFS and reload OS.

Good luck


Obtaining Windows XP Setup Boot Disks
The information in this article applies to:
Microsoft Windows XP Home Edition
Microsoft Windows XP Professional

This article was previously published under Q310994

http://support.microsoft.com/?kbid=310994

Windows XP KBs


Here are just a few examples..but you can find all of the KB's at the above link.


In-Place Upgrade (Reinstallation)
315341 4/15/2002
"This article explains how to perform an in-place upgrade, or reinstallation, of Windows XP. This can also be called a repair installation. When you perform an in-place upgrade of Windows XP, you reinstall Windows to the same folder. You may want to do this if you need to repair your installation of Windows XP. To reinstall Windows XP, use either of the following methods."


How to Perform an In-Place Upgrade (Reinstallation) of Windows XP

http://support.microsoft.com/default.aspx?...kb;en-us;315341



Password Reset Disk Creation
305478 8/5/2002
"This article describes how to create and use a password reset disk for a computer that is part of a workgroup, or that is not connected to a network. You can use a password reset disk to gain access to your Microsoft Windows XP-based computer if you forget your password."


HOW TO: Create and Use a Password Reset Disk for a Computer That Is Not a Domain Member in Windows XP
http://support.microsoft.com/default.aspx?...kb;en-us;305478








Windows Messenger
302089 2/14/2002
"This article describes how to prevent Windows Messenger from running. By default, Windows XP Professional and Windows XP Home Edition install Windows Messenger, and the user interface does not provide a way to remove or to uninstall Windows Messenger."

How to Prevent Windows Messenger from Running on a Windows XP-Based Computer

http://support.microsoft.com/default.aspx?...kb;EN-US;302089

this is a useful one to delete unwanted user profiles,User Profile Deletion Utility (Delprof.exe)
http://www.microsoft.com/downloads/details...&DisplayLang=en

Troubleshooting Internet Connection Firewall on Windows XP

The Internet Connection Firewall (ICF) feature of Microsoft Windows XP provides a personal stateful firewall, which provides protection for computers against incoming traffic from the Internet. This article describes how ICF works, how to enable it, common problems with using ICF, and the set of tools used to troubleshoot ICF issues.

http://download.microsoft.com/download/6/0.../ICF_Tshoot.doc

http://www.microsoft.com/windowsxp/expertz...ips/default.asp

The site above is for XP users by XP users.......the following is by MS itself

http://www.microsoft.com/windowsxp/home/us...ips/default.asp

What is the Windows XP Tweaking Companion?


The Windows XP Tweaking Companion (XPTC) is the complete Windows XP and system optimization guide. No longer do you have to put up with so-called XP Tweak Guides which have a handful of Registry tweaks and some vague optimization advice - the XPTC brings an enormous range of detailed descriptions and resources together in one free 170 page downloadable PDF file. Everything from the correct installation of Windows and critical software and drivers, through to recommendations for every significant setting in XP, all the major performance, visual and convenience tweaks, and descriptions of XP's functionality. The XPTC includes comprehensive chapters on overclocking, benchmarking and stress testing, troubleshooting and regular maintenance procedures. Basically the XPTC is the mother of all Windows XP Tweak Guides and System Optimization Guides, and it's right here for you to try for yourself.


http://www.tweakguides.com/XPTC.html


This file is free to download. When downloading this file please be patient, the site may be quite slow due to heavy demand for the XPTC. If you wish to link to the XPTC, link directly to this page and not the file itself.


Once downloaded, extract the XPTC.pdf file from the .zip file and use the free Acrobat Reader software (Version 5.0 or higher) to read and print the document. Note that the XPTC file has been thoroughly checked and is not damaged or corrupt.

Grand Dad

Optimize XP - A Windows XP Optimization Guide
Secure XP - A Windows XP Security Guide
Driver XP - A Windows XP Driver Guide
XP Myths
XP Requirements

http://mywebpages.comcast.net/SupportCD/SecureXP.html



I have not tried any of these so be sure and back up your system in case have a problem.

Grand Dad

Site also has some good Links on it..

The totally revised TweakGuides Tweaking Companion Version 3.0 is the complete system optimization guide for Windows XP users. It contains an enormous amount of detailed descriptions and resources together in one free 175 page downloadable PDF file. Everything from the correct installation of Windows and critical software and drivers, through to recommendations for every significant setting in XP, all the major performance, visual and convenience tweaks, and descriptions of XP's functionality. The guide contains dozens of links to major free applications for optimizing and maintaining your system, as well as to a vast range of resources for finding out more about your PC and troubleshooting PC problems. Basically the TweakGuides Tweaking Companion is the mother of all Windows XP tweak guides and system optimization guides.

Important: The guide has now been significantly revised, so users of all previous versions of the guide are urged to upgrade to the latest version. Note thatthis guide was formerly called 'The Windows XP Tweaking Companion' (XPTC), however the name has been changed due to legal action by Microsoft.

TweakGuides Tweaking Companion [Deluxe Edition]
The TweakGuides Tweaking Companion Deluxe Edition is a 215 page guide which can either be sent to you in PDF format, or purchased as a professionally printed and bound book. Find out more about the Deluxe Edition.

TweakGuides Tweaking Companion [Regular Edition]
To download the free 175 page PDF Regular Edition of the TweakGuides Tweaking Companion, click the button below:

Filename: TGTC_3.0.zip
Version: 3.00
Last Updated: 5 January 2006
Size: 1.9MB
Cost: Free

Once downloaded, extract the TweakingCompanion_3.0.pdf file from the .zip file and use Acrobat Reader 5.0 or higher or Foxit Reader to read and print the document. If you use an Acrobat Reader older than 5.0 will receive an error message. You can get the latest version of Acrobat Reader free by clicking the button below:

If You Like This Guide
In deciding to make the Regular Edition of this guide free of charge, I took into consideration the fact that the information in it might help a lot of people, and it would be petty of me to try to charge for it. However many months of my spare time went into compiling and editing this guide. So if you find the guide useful please consider purchasing the TweakGuides Tweaking Companion Deluxe Edition or make a small donation to TweakGuides.com by clicking the PayPal button . PayPal is 100% secure and safe to use.

Windows XP Tweaking Companion»